Ethereum’s Parity Users Lose Millions in a Multi-Sig Hack

On July 19, the Ethereum community was warned that Parity client versions 1.5 and above contained a critical vulnerability in the multi-signature wallet feature. Further, a group of multi-signature “black hat exploiters” has managed to drain 150,000 ether from multi-sig wallets and ICO projects.

A Vulnerability Found in the Multi-Signature Contract “Wallet.sol” Used in Parity Clients

According to Parity and the firm’s founder Gavin Wood, the startup’s Parity wallet, version 1.5 and above, contained a bug that enabled the theft of $30 million worth of ETH. The affected Parity wallets used a multi-signature contract called “wallet.sol”, and the contract was used by a few initial coin offerings (ICOs) as well. Circulating reports say that three particular ICO projects were compromised: Swarm City, æternity, and Edgeless Casino.

Parity issued a security warning on its website on July 19 detailing the extent of the issue, stating:

“A vulnerability in Parity Wallet’s variant of the standard multi-sig contract has been found — Immediately move assets contained in the multi-sig wallet to a secure address.”

The Mysterious ‘White Hat Group’ Returns to Rescue Funds

Following this incident, an unknown group of hackers calling itself the “White Hat Group” took it upon themselves to drain the rest of the vulnerable multi-sig wallets by sweeping the network. According to the group, they recovered 377,105 ether, worth about $85M at the time of writing. The group says it will return the funds to the accounts that were drained and is using the DAO rescue donations to pay for the gas needed to send the ether forward.

“The White Hat Group were made aware of a vulnerability in a specific version of a commonly used multisig contract,” explains the hackers’ announcement. “This vulnerability was trivial to execute, so they took the necessary action to drain every vulnerable multisig they could find as quickly as possible. Thank you to the greater Ethereum Community that helped finding these vulnerable contracts.”

“If you hold a multisig contract that was drained, please be patient. We will be creating another multisig for you that has the same settings as your old multisig but with the vulnerability removed and we will return your funds to you there. We will be using the donations sent to us from The DAO Rescue to pay for gas.”

How Many More Faulty Contracts Will Be Found in the Future?

The news of the vulnerability comes just after the Coindash ICO hack last week, which saw the loss of $10M worth of ether. Last week’s hack and yesterday’s multi-signature wallet drain have had little effect on the price of ethereum. However, the cryptocurrency community is once again discussing the issue of faulty contracts on the Ethereum network that currently hold millions of dollars in funds. Close to a quarter of a billion dollars in ether has been drained by either the “black hat exploiters” or the “white hat group” since the notorious DAO debacle last year.


Jamie Redman is a financial tech journalist living in Florida. Redman has been an active member of the cryptocurrency community since 2011. He has a passion for Bitcoin, open source code, and decentralized applications. Redman has written hundreds of articles about the disruptive protocols emerging today.
